Wählen Sie Ihre Region und Ihre Sprache

Los

Wonach suchen Sie?

Menü

Webinar: Energy & Digital World

Energy & Digital World aims to bring together thought leaders and technology experts to define future digital and energy platforms.

Register Now

The Incident Detection & Response service (IDR) provides support in the event of a security incident as part of the Incident Response process. It is composed by two sub-services: the  Anomaly Detection Service and the Intrusions Detection Service (IDS). 

The Anomaly Detection Service (ADS) is provided by a local application (Anomaly Detection Sensor) installed in each substation, aiming to provide continuous vulnerability monitoring, anomaly and asset change detection.  The objective of the Intrusion Detection Service is to set up an active and intelligent video surveillance solution, in the scope of technological advances and the ease of access to high-end products in the physical security domain.

Overall, the IDR provides the following set of advantages:

  • Facilitating the compliance for applicable regulations (e.g. IT-Sicherheitsgesetz 2.0)

  • Continued improvement of grid and process management

  • Service availability guaranteed by full redundance of SOCs (both in IDS and ADS)

  • Industry specific attack patterns are applied resulting in increased protection

  • Use of the latest technology, including regular updates of defense mechanisms

  • 24/7 security monitoring and operation of security equipment with stocks of spare parts*

  • Support at any point in time from highly qualified and certified security professionals with deep level expertise from tier 1 Internet operator, OT and physical security market leaders

  • Continuous improvement of power operations through in-depth OT expertise supporting the security process

  • Correlation of all security-related data allows filtering relevant information, reducing false positives on IT & OT alarms with zero false positives in physical security

  • Predicting trends and issue proactive alerts/actions

  • Independent temperature measurement of primary technology

  • Strongly enhancing safety in work environment through advanced algorithms

In case of a Crisis Situation:
 

  • Real fast security response with minimal interruption of security services

  • 3 additional control centers to monitor and defend – the customer  can focus on core business and instruct

  • 1 touch point for fully integrated support with correlated analysis from physical, IT & OT specialists

  • Fast-reaction intervention  on infrastructure security (e.g. remote loudspeaker intervention) and OT support

  • SOC activities and independent data are available for forensics analysis, audit and investigation purposes

The Vulnerability Management service is composed by two sub-services: the Vulnerability Advisory Service (VAS) and the Vulnerability Monitoring Service (VMS)

The VAS provides regular security information related to advisories for published vulnerabilities. The VMS checks the Network Control Center for vulnerabilities, and it can take place in a fixed cycle on site or online. 

Together, they provide the following set of advantages:
 

  • Facilitating the compliance for upcoming regulations

  • Informing timely about the reported vulnerabilities by different sources (e.g. CERTs)

  • Provision of a report tailored to the customer including vulnerabilities, criticalities, and related actionable recommendations

  • Supporting on patching measures (optional)

  • Anomaly Detection Service (ADS) undergoes a frequent and automatic configuration to avoid exploitations

  • The attention of the analysts is driven by anomaly detection

Threat Analysis Service provide insight into recent attacks, customer exposure within data breaches or qualified information for detection of malicious activities. 
 

  • Early recognition of attack patterns

  • Preventing the usage of stolen account information (i.e., regular monitoring of market-places in the darknet for malicious activities targeting AET)

  • More accurate and faster response on security incidents through correlation

  • Actionable measures to mitigate the risks from relevant threats

  • Domain monitoring suspicious websites that are similar to the customers’ one

The goal of this service is to create an asset inventory of the substation’s asset and monitored area of the Customer Control Center. The Asset Register Services defines the Incident Detection and Response Process depending on the asset criticality within the Asset Register. 

The main advantages provided by the ARS are:
 

  • A baseline service for the implementation of the other ISC services

  • It provides an accurate and up-to-date asset inventory list, including installation location, function details, criticalities, and potential vulnerabilities

  • A Change Management process and ADS sensor guarantee automated data updates

  • An easy access to data used for operation purposes (e.g. lifecycle management)

  • It facilitates the compliance for applicable regulations (e.g. IT-Sicherheitsgesetz 2.0)

Always in the framework of the Initial assessment, the Physical Security and Configuration Assessment allows to evaluate the state of physical security of a site and gives recommendations for improvement. 

As per the Asset, Vulnerability & Configuration Assessment, the major advantages of the Physical Security & Configuration Assessment are:
 

  • Provision of an overview on the actual security status on the three domains (OT, IT and physical)

  • Provision of an overview on the actual compliance level to applicable regulations

  • Enabling the implementation of ISC services

  • Provision of a gap analysis and related advice

The Initial Assessment Services are intended to understand the Customer’s security situation, provide an overview of existing security risks and establish a security baseline.The goal of this service is to produce a baseline of the customer’s asset register of the site and identify existing technical vulnerabilities before deploying the OT, Cybersecurity Operational Services and Physical Security Operational Services.

Some of the main benefits of this service are listed below:
 

  • Provision of an overview on the actual security status on the three domains (OT, IT and physical)

  • Provision of an overview on the actual compliance level to applicable regulations

  • Enabling the implementation of ISC services

  • Provision of a gap analysis and related advice

Webinar: Energy & Digital World

Energy & Digital World aims to bring together thought leaders and technology experts to define future digital and energy platforms.

Register Now

Get to know more